Description
The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdf_membership_check_facebook_user' and the 'eltdf_membership_login_user_from_social_network' function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.
Published: 2025-12-10
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Authentication Bypass to Administrative Accounts
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the Elated Membership WordPress plugin, in all versions up to and including 1.2. The plugin’s social login flow verifies a user’s identity data in 'eltdf_membership_check_facebook_user', but 'eltdf_membership_login_user_from_social_network' does not log the user in with that verified data: the account that is actually logged in is selected from data the plugin did not verify (CWE-289, Authentication Bypass by Alternate Name). As a result, an attacker who holds an account on the site, which the advisory notes can be created by default through the plugin’s temporary user functionality, and who knows the target administrator’s email address can complete the social login flow and be logged in as that administrator without the administrator’s password. This grants full administrative control over the site, including configuration changes, user management, and potential malware installation, thereby compromising confidentiality, integrity, and availability.
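The flaw class described above, as an added illustration that is not code from the Elated Membership plugin or from Wordfence: a minimal social-login flow that verifies an identity in one step and then picks the account to log in from a client-supplied field, beside the hardened form that only logs in the identity the provider vouched for. All function, field and user names are hypothetical, and the token table and user table are constructed so the script runs without WordPress or a social provider.

```php
<?php
// Added example, not the plugin's code. Reproduces the pattern behind
// CWE-289 (Authentication Bypass by Alternate Name): the token is verified,
// but a different, caller-chosen identifier selects the account.

// Stand-in for the provider check. Returns the e-mail address the provider
// has bound to the access token, or null when the token is not valid.
function verify_provider_token(string $token): ?string
{
    $issued = ['tok-alice' => 'alice@example.test']; // constructed: one valid token
    return $issued[$token] ?? null;
}

// Stand-in for WordPress get_user_by('email', ...). Constructed user table.
function user_by_email(string $email): ?array
{
    $users = [
        'alice@example.test' => ['ID' => 2, 'role' => 'subscriber'],    // self-registered (temp) user
        'admin@example.test' => ['ID' => 1, 'role' => 'administrator'],
    ];
    return $users[$email] ?? null;
}

// VULNERABLE pattern: the token is checked, but the account to log in is
// looked up from $request['email'], which the caller controls and which was
// never tied to the verified token. Returns the user ID that a WordPress
// plugin would hand to wp_set_auth_cookie(), or null to refuse.
function login_from_social_vulnerable(array $request): ?int
{
    if (verify_provider_token($request['token']) === null) {
        return null; // unverified token: refuse
    }
    $user = user_by_email($request['email']); // client-supplied, not the verified value
    return $user ? $user['ID'] : null;
}

// HARDENED pattern: the only identity that can be logged in is the one the
// provider vouched for in this same request; no client-supplied e-mail is
// consulted at any point.
function login_from_social_hardened(array $request): ?int
{
    $verifiedEmail = verify_provider_token($request['token']);
    if ($verifiedEmail === null) {
        return null;
    }
    $user = user_by_email($verifiedEmail);
    return $user ? $user['ID'] : null;
}

// Demonstration (constructed request): the caller holds a valid token for
// alice's own account but names the administrator's e-mail in the body.
$request = ['token' => 'tok-alice', 'email' => 'admin@example.test'];
$variants = [
    'vulnerable' => 'login_from_social_vulnerable',
    'hardened'   => 'login_from_social_hardened',
];
foreach ($variants as $label => $fn) {
    $id = $fn($request);
    echo $label, ': logged in as user ID ', var_export($id, true), PHP_EOL;
}
```

The hardened variant removes the alternate name entirely rather than comparing it to the verified one; if a plugin must accept a client-supplied e-mail for another purpose, it should still never use it to choose the account that receives the auth cookie.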

Affected Systems

Any WordPress site running Elated Membership at version 1.2 or earlier. The attack path in the advisory relies on two plugin features: the temporary user functionality, which the advisory notes can be used to create an account by default, and the social (Facebook) login flow handled by the two functions named above.

Risk and Exploitability

The CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates critical severity: the flaw is reachable over the network through the plugin’s public social login endpoint, has low attack complexity, and needs no user interaction. It is scored PR:N even though the attacker needs an account on the site, because that account can be self-registered through the temporary user functionality rather than granted by an administrator. The EPSS score below 1% suggests that exploitation is currently rare, and the vulnerability is not listed in the CISA KEV catalog, but neither lowers the impact; the SSVC assessment recorded in the History section (Automatable: yes, Technical Impact: total) points the same way. In summary, an attacker who can create a temporary user and knows the victim administrator’s email address obtains full administrative privileges.

Generated by OpenCVE AI on April 22, 2026 at 00:17 UTC.

Remediation

No vendor fix or workaround is recorded on this page. The affected range is every version up to and including 1.2, so any fix will be a release newer than 1.2; confirm the fixed version against the vendor’s changelog or the Wordfence advisory before relying on it.

OpenCVE Recommended Actions

  • Upgrade Elated Membership to a release newer than 1.2 as soon as the vendor publishes one that fixes the authentication bypass (CWE‑289, Authentication Bypass by Alternate Name); this page does not record a fixed version number.
  • Until a patch is applied, disable or restrict the plugin’s social login feature so that only trusted accounts can use it; the bypass is reached through that flow.
  • Disable the plugin’s temporary user creation capability, which the advisory notes is available by default, so attackers cannot self‑register the account the bypass requires.
  • Add a second factor for administrative accounts, and confirm it is enforced on the social login path as well as on wp-login.php: a bypass that completes login through the social flow may never reach a second‑factor check that only hooks the standard login form.
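A check to go with the first action, added here and not from OpenCVE or the plugin vendor: a stand-alone PHP script that reads the standard WordPress "Version:" plugin header from the plugin's main file and reports whether it falls in the affected range (all versions up to and including 1.2). The plugin's directory and file name are not on this page, so the script takes the path as its first argument; without one it checks a constructed sample header.

```php
<?php
// Added helper, not the vendor's or OpenCVE's code. Usage:
//   php check_elated_membership.php /path/to/wp-content/plugins/<plugin-dir>/<main-file>.php
// (plugin directory and file name assumed; supply the real ones.)

function plugin_header_version(string $fileContents): ?string
{
    // Same header shape that WordPress's get_file_data() reads: a line such as
    // " * Version: 1.2" in the leading comment block, with optional comment
    // leader characters before the field name.
    if (preg_match('/^[ \t\/*#@]*Version:\s*(.+)$/mi', $fileContents, $m)) {
        return trim($m[1]);
    }
    return null;
}

function is_affected_version(string $version, string $lastVulnerable = '1.2'): bool
{
    // version_compare() handles multi-part versions correctly: "1.10" > "1.2",
    // "1.2.1" > "1.2", so a string comparison is deliberately avoided.
    return version_compare($version, $lastVulnerable, '<=');
}

// Constructed sample of a plugin main file header, used when no path is given.
$samplePluginFile = "<?php\n/**\n * Plugin Name: Elated Membership\n * Version: 1.2\n */\n";

$path = $argv[1] ?? null;
$contents = ($path !== null && is_readable($path))
    ? file_get_contents($path)
    : $samplePluginFile;

$version = plugin_header_version($contents);
if ($version === null) {
    echo 'no Version: header found', PHP_EOL;
} elseif (is_affected_version($version)) {
    echo "version $version is in the affected range (<= 1.2): update or disable the plugin", PHP_EOL;
} else {
    echo "version $version is outside the published affected range", PHP_EOL;
}
```

On a host with WP-CLI, `wp plugin list --fields=name,version` gives the same information for every installed plugin; the script above is for hosts without it, or for checking a plugin directory copied off the server.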

Advisories

No advisories yet.

History

Wed, 10 Dec 2025 18:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Elated Themes; Elated Themes elated Membership; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Elated Themes; Elated Themes elated Membership; Wordpress; Wordpress wordpress

Wed, 10 Dec 2025 16:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 10 Dec 2025 02:30:00 +0000

Type: Description
Values Added: The Elated Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.2. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'eltdf_membership_check_facebook_user' and the 'eltdf_membership_login_user_from_social_network' function. This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site which can easily be created by default through the temp user functionality, and access to the administrative user's email.

Type: Title
Values Added: Elated Membership <= 1.2 - Authentication Bypass via Social Login

Type: Weaknesses
Values Added: CWE-289

Type: References
Values Added: (none listed)

Type: Metrics
Values Added: cvssV3_1
{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Elated Themes Elated Membership
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:32:27.160Z

Reserved: 2025-11-24T17:18:21.090Z

Link: CVE-2025-13613

Vulnrichment

Updated: 2025-12-10T15:24:55.129Z

NVD

Status: Deferred

Published: 2025-12-10T03:15:46.250

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-13613

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T00:30:04Z

Weaknesses